Homework 1

Questions

This survey asks you questions about robust coding. Please answer the questions as best you can. The answers will not be graded! Our goal is to see where the gaps are, and to tailor parts of the class to focus on that material.

Also, the teacher will not be told individuals’ scores; he will simply be told whether you took the survey. He will also be told the overall results, but not any individual results.

Thus, you will either receive full credit for this question, or no credit.

(30 points) This question tries to put you in the right frame of mind for the human element of computer security.

Please select any non-computer science book or movie that takes a point of view and twists it unexpectedly. The twist may be an invalidation of an assumption, exploiting a weakness in a system, an unusual view of a situation that reveals something previously unknown, or that shows the situation is not as it seems. Then, write at most 1 page about the twist and how it relates to the assumptions that characters in the book or movie (or the readers or viewers) make, as well as how the twist illustrates the (mis)placement of trust.

Please use proper English when writing your paragraphs. Remember that we may not have read the book or seen the movie, so review as much as necessary for us to understand the nature of the twist.

(30 points) Classify each of the following as a violation of confidentiality, of integrity, of availability, or of some combination thereof.

John copies Mary’s homework.

Paul crashes Linda’s system.

Carol changes the amount of Angelo’s check from $100 to $1,000.

Gina forges Roger’s signature on a deed.

Rhonda registers the domain name “Pearson.com” and refuses to let the publishing house buy or use that domain name.

Jonah obtains Peter’s credit card number and has the credit card company cancel the card and replace it with another card bearing a different account number.

Henry spoofs Julie’s IP address to gain access to her computer.

(20 points) In response to a serious intrusion, the university system president directed that an intrusion detection system be installed on each campus to monitor the campus network traffic. The goal was to allow the system information security officers (SSOs) to detect and co-ordinate response to attacks that spanned multiple campuses. The intrusion detection system was placed outside the campus gateway, so it could only record traffic crossing the gateway. It did not try to block any traffic, nor was it able to decrypt any encrypted traffic. The campus information security officers (CSOs) were told of the installation, and were also told not to reveal it for legal reasons. No one else on campus was told of the additional monitoring.

What was the effect of the failure to inform the campus community of the existence of this monitoring system? How do you think it impacted the security of the campus?

Extra Credit

(20 points) Consider the set of rights { read, write, execute, append, list, modify, own }.
Using the syntax in Chapter 2, write a command delete_all_rights(p, q, o). This command causes p to delete all rights the subject q has over an object o only if p has modify rights over o and q does not have own rights over o.